Systems and Methods for Assessing Internet Addresses

1. A computer-implemented method for assessing Internet addresses, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: identifying an Internet Protocol address; identifying a plurality of files downloaded from the Internet Protocol address; generating an aggregation of security assessments that relates to the Internet Protocol address and that is based at least in part on a security assessment of each of the plurality of files by: calculating a proportion of files downloaded from the Internet Protocol address with a negative security assessment; identifying a plurality of Internet sites that operate from the Internet Protocol address; determining a distribution identifying how the security assessments are distributed across the plurality of Internet sites; determining a trustworthiness of the Internet Protocol address based at least in part on the aggregation of security assessments by determining, based on the distribution, which of the Internet Protocol address and at least one of the plurality of Internet sites to convict as untrustworthy; facilitating a security action based at least in part on the trustworthiness of the Internet Protocol address.

2. The computer-implemented method of claim 1 , wherein determining the trustworthiness of the Internet Protocol address based on the aggregation of security assessments comprises determining, based on the distribution, that a diffusion of negative security assessments across the plurality of Internet sites exceeds a predetermined threshold.

3. The computer-implemented method of claim 1 , wherein determining the trustworthiness of the Internet Protocol address based on the aggregation of security assessments comprises: determining that a subset of the plurality of Internet sites accounts for at least a predetermined amount of usage of the Internet Protocol address; determining, based on the distribution, that a concentration of negative security assessments within the subset of the plurality of Internet sites falls below a predetermined threshold.

4. The computer-implemented method of claim 1 , wherein determining the trustworthiness of the Internet protocol address is further based on: identifying an amount of time that at least one Internet site has operated from the Internet Protocol address; determining that the amount of time falls below a predetermined threshold.

5. The computer-implemented method of claim 1 , wherein identifying the Internet Protocol address comprises determining that the Internet Protocol address is externally routable.

6. The computer-implemented method of claim 1 , wherein facilitating the security action comprises providing information about the trustworthiness of the Internet Protocol to a client system that performs the security action based at least in part on the information.

7. The computer-implemented method of claim 1 , wherein identifying the plurality of Internet sites comprises, for each Internet site in the plurality of Internet sites, determining that the Internet site is at least one of: under the control of a distinct entity; under the control of a distinct group; under the control of a distinct system.

8. A system for assessing Internet addresses, the system comprising: an identification module, stored in memory, that: identifies an Internet Protocol address; identifies a plurality of files downloaded from the Internet Protocol address; a generation module, stored in memory, that generates an aggregation of security assessments that relates to the Internet Protocol address and that is based at least in part on a security assessment of each of the plurality of files by: calculating a proportion of files downloaded from the Internet Protocol address with a negative security assessment; identifying a plurality of Internet sites that operate from the Internet Protocol address; determining a distribution identifying how the security assessments are distributed across the plurality of Internet sites; a determination module, stored in memory, that determines a trustworthiness of the Internet Protocol address based at least in part on the aggregation of security assessments by determining, based on the distribution, which of the Internet Protocol address and at least one of the plurality of Internet sites to convict as untrustworthy; a facilitation module, stored in memory, that facilitates a security action based at least in part on the trustworthiness of the Internet Protocol address; at least one hardware processor that executes the identification module, the generation module, the determination module, and the facilitation module.

9. The system of claim 8 , wherein the determination module determines the trustworthiness of the Internet Protocol address based on the aggregation of security assessments by determining, based on the distribution, that a diffusion of negative security assessments across the plurality of Internet sites exceeds a predetermined threshold.

10. The system of claim 8 , wherein the determination module determines the trustworthiness of the Internet Protocol address based on the aggregation of security assessments by: determining that a subset of the plurality of Internet sites accounts for at least a predetermined amount of usage of the Internet Protocol address; determining, based on the distribution, that a concentration of negative security assessments within the subset of the plurality of Internet sites falls below a predetermined threshold.

11. The system of claim 8 , wherein the determination module determines the trustworthiness of the Internet protocol address is further based on: the identification module is programmed to identify an amount of time that at least one Internet site has operated from the Internet Protocol address; the determination module is programmed to determine that the amount of time falls below a predetermined threshold.

12. The system of claim 8 , wherein the identification module identifies the Internet Protocol address by determining that the Internet Protocol address is externally routable.

13. The system of claim 8 , wherein the facilitation module facilitates the security action by providing information about the trustworthiness of the Internet Protocol to a client system that performs the security action based at least in part on the information.

14. The system of claim 8 , wherein the generation module identifies the plurality of Internet sites by, for each Internet site in the plurality of Internet sites, determining that the Internet site is at least one of: under the control of a distinct entity; under the control of a distinct group; under the control of a distinct system.

15. A non-transitory computer-readable-storage medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to: identify an Internet Protocol address; identify a plurality of files downloaded from the Internet Protocol address; generate an aggregation of security assessments that relates to the Internet Protocol address and that is based at least in part on a security assessment of each of the plurality of files by: calculating a proportion of files downloaded from the Internet Protocol address with a negative security assessment; identifying a plurality of Internet sites that operate from the Internet Protocol address; determining a distribution identifying how the security assessments are distributed across the plurality of Internet sites; determine a trustworthiness of the Internet Protocol address based at least in part on the aggregation of security assessments by determining, based on the distribution, which of the Internet Protocol address and at least one of the plurality of Internet sites to convict as untrustworthy; facilitate a security action based at least in part on the trustworthiness of the Internet Protocol address.

16. The non-transitory computer-readable-storage medium of claim 15 , wherein determining the trustworthiness of the Internet Protocol address based on the aggregation of security assessments comprises determining, based on the distribution, that a diffusion of negative security assessments across the plurality of Internet sites exceeds a predetermined threshold.

17. The non-transitory computer-readable-storage medium of claim 15 , wherein determining the trustworthiness of the Internet Protocol address based on the aggregation of security assessments comprises: determining that a subset of the plurality of Internet sites accounts for at least a predetermined amount of usage of the Internet Protocol address; determining, based on the distribution, that a concentration of negative security assessments within the subset of the plurality of Internet sites falls below a predetermined threshold.

18. The non-transitory computer-readable-storage medium of claim 15 , wherein determining the trustworthiness of the Internet protocol address is further based on: identifying an amount of time that at least one Internet site has operated from the Internet Protocol address; determining that the amount of time falls below a predetermined threshold.